Privacy Policy

Last updated: February 14, 2026

1. Overview

Threat Teaming Framework ("TTF") is committed to protecting your privacy. This policy describes what data we collect, how we use it, and your rights regarding that data.

2. Data We Collect

Data Type	Purpose	Retention
Email address (via Google SSO)	Authentication & account identification	Duration of account
Organization name	Multi-tenant data isolation	Duration of account
Uploaded reports	Threat analysis, ATT&CK mapping, enrichment	Configurable (default: retained)
Generated findings & analytics	Trend analysis, dashboards, reporting	Configurable via data retention policy
Usage logs	Platform reliability & rate limiting	90 days
Audit logs	Security compliance & accountability	1 year

3. How Report Data Is Processed

Understanding exactly what happens to your uploaded reports is critical. Here is the complete data flow:

Step	Where It Runs	What Happens
1. Text Extraction	Our servers (local)	PDF text is extracted locally. No external API is called.
2. Technique Identification	Google Gemini API	Extracted text is sent to Google Gemini to identify ATT&CK techniques and validate findings. This is the only step that involves an external AI API.
3. Enrichment & Analysis	Our servers (local)	All further analysis — compliance mapping, risk scoring, detection generation, enrichment cross-referencing, and analytics — runs locally using deterministic SQL and Python calculations.
4. Storage	Our database	Results are stored in your organization's isolated PostgreSQL schema.

Important: The Google Gemini API call is stateless — Google does not retain your report text after the API response is returned. Your data is not used by Google to train models. For organizations requiring fully air-gapped processing, contact us about self-hosted deployment options.

4. General Data Usage

• Enrichment: Findings are cross-referenced against public threat intelligence feeds (MITRE ATT&CK, CISA KEV, Elastic Rules, LOLDrivers, etc.) — all data stays on our servers.
• Analytics: All 15 analytics engines (TMI, Defensive Debt, Blast Radius, etc.) compute results deterministically from your data using SQL aggregation. No AI/LLM is used for analytics.
• No Selling: We never sell your data to third parties.
• No Training: Your data is not used to train AI or machine learning models.

5. Data Isolation & Security

• All data is logically isolated by organization using PostgreSQL row-level scoping.
• Data is encrypted at rest (AES-256) and in transit (TLS 1.3).
• Infrastructure runs on Google Cloud Platform with SOC 2 Type II and ISO 27001 compliance.
• Access is controlled via Google Workspace SSO with role-based permissions (admin, user, viewer).

6. Third-Party Services

• Google Cloud Platform — hosting, database, authentication
• Google Gemini — AI-powered report analysis
• Stripe — payment processing (we do not store credit card numbers)
• Firebase Hosting — static frontend delivery

Each third-party provider maintains their own privacy policies and security certifications.

7. Data Retention & Deletion

• You may configure data retention policies via the platform's admin settings.
• You may request full data export or deletion by contacting hello@hoffmann.holdings.
• Upon account deletion, all associated data is permanently removed within 30 days.

8. Cookies

TTF uses essential session cookies for authentication. We do not use tracking cookies or third-party advertising cookies.

9. Your Rights

Depending on your jurisdiction, you may have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request deletion of your data
• Export your data in a portable format
• Object to specific processing activities

10. Changes to This Policy

We may update this policy periodically. We will notify you of material changes via email or an in-app notification.

11. Contact

For privacy questions or data requests, contact us at hello@hoffmann.holdings.